Thanks for taking the time to review this.  I know there is a lot of 
information, and that puts off a lot of people, but I find it helps most 
people understand the issue and see that I have done my homework.  
Additional comments in-line below.


On 1/5/2016 3:24 PM, debbie...@gmail.com wrote:
> Hi Jeff,
>
> as you put so much work into your post on the forum I did not
> want to hit you with an "off the cuff" answer ...
> but I can, at least, see more clearly your situation.
>
> Also, it seems to me, you have all the necessary tools and know-how
> to implement the solution yourself .. which you have .. more or less ..
> ie: a "fully routed" solution .. which you claim does not work ?
>
> Quote:
> I added a static route on my default gateway (a PfSense box) to redirect
> any VPN network traffic back to the VPN box, which I believe should send it
> back through the tunnel to the point of origin. However, this did not
> resolve my issue, so I must be mistaken about my routing somewhere, or there
> is something else that I have not considered
>
> What you have not considered is .. pfsense .. we do not support it.
>
> As I have had similar issues with different routers (and pfsense)
> I will add this as a pointer:
>
> Not all /routers or Operating Systems/ are created equal.
> RFC compliancy is extremely optional ..
>
> Check all your Vendor's documentation ..
> Run a packet sniffer to verify their often bold and inaccurate claims ..
> (Example:
> http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/ )
>
> The point being:
> Check you have "ICMP redirect support" throughout.
>
I am not familiar with ICMP redirect support.  I will have to do some 
more research and education to familiarize myself with this to 
understand how it might apply in my situation.

> Otherwise, add the routes to the clients that need it .. manually
> or from some other central configuration system.
>
This might be my plan of last resort, because I think it is going to 
confuse me more.

> Just my2c .. it worked for me.
>
> Note: OpenVPN cannot help with your routers etc
> Note: ICMP redirect is often considered to be a security risk!
>
> PS: You did not include any logs on your forum post ..
> and .. as (*currently) I am helping mod the forum
> I am currently holding off a misguided reply
> which has been offered to your forum question.
> Presumably you would prefer to add the logs
> of a connection which *does not work* as expected .. first ;)
>
I did not add any logs because there is nothing in the logs relating to 
getting to a client behind the VPN server (I will double check this 
again).  As I mentioned I have a solid connection from the remote client 
to the VPN server, and my logs show that.  But when I try to ping or 
connect to a box on the LAN subnet (other than the VPN server) there is 
no information in the VPN logs that shows a ping failure.  The error I 
get is at the console specifying the destination host is unreachable.  
If there is some specific information that might be in a specific log 
file I can provide it, but I don't know what to look for or what to 
provide that shows it *does not work* as expected.  Clues gladly accepted.

>
> Enjoy the journey .. the destination may be disappointing ;)
>
I do enjoy the journey; but I do hope the destination is not disappointing.

-- 

Jeff Boyce, CF
Meridian Environmental
2136 Westlake Ave. North
Seattle, WA  98109
206-522-8282
www.meridianenv.com


------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
